Issue #8858 has been updated by James Turnbull. Status changed from Unreviewed to Needs More Information Assignee set to Ryan Conway Priority changed from High to Normal
What Puppet version is this? What Ruby version? What platform? I am using Puppet 2.7.1 on 1.9.2 without needing to do this so I'd like to understand what your environment is like. ---------------------------------------- Bug #8858: Puppet registration with master with Ruby 1.9.2 https://projects.puppetlabs.com/issues/8858 Author: Ryan Conway Status: Needs More Information Priority: Normal Assignee: Ryan Conway Category: Target version: Affected Puppet version: Keywords: Branch: When using Puppet 1.9.2, when trying to register the agent with a master, it fails to obtain the master certificate, and therefore fails to complete registration or retrieve and apply a configuration. /usr/local/bin/puppetd --server mypuppetmaster.domain.com --no-daemonize --onetime produces errors along the lines of: err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed In order to fix this, you need to do the following *before* running the initial registration: Obtain your openssl base directory: openssl version -d This results in something like /usr/lib/openssl/ Copy your PuppetMaster CA.pem to somewhere, like /etc/puppet/ssl/certs/masterca.pem Generate a hash of the masterca.pem file: openssl x509 -hash -noout -in /etc/puppet/ssl/certs/masterca.pem This results in something like '520f3686'. Symlink the hash into your openssl basedir, within the certs directory, appending .0: ln -s /etc/puppet/ssl/certs/masterca.pem /usr/lib/openssl/certs/520f3686.0 Finally, re-run the registration, which should now work as expected. /usr/local/bin/puppetd --server mypuppetmaster.domain.com --no-daemonize --onetime The workaround I found on the following thread: https://groups.google.com/group/puppet-users/browse_thread/thread/fa49f1b9b36ceac6/72bf694d4e2f3012?pli=1 Note: if you have already tried to register with a master, you will need to clear your /etc/puppet/ssl directory, before trying these steps, otherwise the cached versions will be used, and the workaround will fail. This only seems to affect Ruby 1.9. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
